Main Vulnerability Database Exploits ID:6028 - Exploit for Improper access control in Script Security - CVE-2019-1003000

ID:6028 - Exploit for Improper access control in Script Security - CVE-2019-1003000

Published: June 17, 2021

Vulnerability identifier: #VU21570

Vulnerability risk: High

CVE-ID: CVE-2019-1003000

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
Script Security

Link to public exploit:

https://www.exploit-db.com/exploits/46572/

Vulnerability description

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to improper access restrictions in "src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java" when applying AST transforming annotations such as @Grab to source code elements. A remote authenticated attacker with Overall/Read permission, or able to control Jenkins file or sandboxed Pipeline shared library contents in SCM, can bypass the sandbox protection and execute arbitrary code on the Jenkins master.

Remediation

Install updates from vendor's website.

ID:6028 - Exploit for Improper access control in Script Security - CVE-2019-1003000

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human